1 /* $OpenBSD: if_bridge.c,v 1.307 2018/02/19 08:59:52 mpi Exp $ */ 2 3 /* 4 * Copyright (c) 1999, 2000 Jason L. Wright (jason@thought.net) 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 19 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, 20 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 21 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 22 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 24 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 25 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26 * POSSIBILITY OF SUCH DAMAGE. 27 * 28 * Effort sponsored in part by the Defense Advanced Research Projects 29 * Agency (DARPA) and Air Force Research Laboratory, Air Force 30 * Materiel Command, USAF, under agreement number F30602-01-2-0537. 31 * 32 */ 33 34 #include "bpfilter.h" 35 #include "gif.h" 36 #include "pf.h" 37 #include "carp.h" 38 #include "vlan.h" 39 #include "mpw.h" 40 41 #include <sys/param.h> 42 #include <sys/systm.h> 43 #include <sys/mbuf.h> 44 #include <sys/socket.h> 45 #include <sys/ioctl.h> 46 #include <sys/kernel.h> 47 48 #include <net/if.h> 49 #include <net/if_types.h> 50 #include <net/if_llc.h> 51 #include <net/netisr.h> 52 53 #include <netinet/in.h> 54 #include <netinet/ip.h> 55 #include <netinet/ip_var.h> 56 #include <netinet/if_ether.h> 57 #include <netinet/ip_icmp.h> 58 59 #ifdef IPSEC 60 #include <netinet/ip_ipsp.h> 61 #include <net/if_enc.h> 62 #endif 63 64 #ifdef INET6 65 #include <netinet6/in6_var.h> 66 #include <netinet/ip6.h> 67 #include <netinet6/ip6_var.h> 68 #endif 69 70 #if NPF > 0 71 #include <net/pfvar.h> 72 #define BRIDGE_IN PF_IN 73 #define BRIDGE_OUT PF_OUT 74 #else 75 #define BRIDGE_IN 0 76 #define BRIDGE_OUT 1 77 #endif 78 79 #if NBPFILTER > 0 80 #include <net/bpf.h> 81 #endif 82 83 #if NCARP > 0 84 #include <netinet/ip_carp.h> 85 #endif 86 87 #if NVLAN > 0 88 #include <net/if_vlan_var.h> 89 #endif 90 91 #include <net/if_bridge.h> 92 93 /* 94 * Maximum number of addresses to cache 95 */ 96 #ifndef BRIDGE_RTABLE_MAX 97 #define BRIDGE_RTABLE_MAX 100 98 #endif 99 100 /* 101 * Timeout (in seconds) for entries learned dynamically 102 */ 103 #ifndef BRIDGE_RTABLE_TIMEOUT 104 #define BRIDGE_RTABLE_TIMEOUT 240 105 #endif 106 107 void bridgeattach(int); 108 int bridge_ioctl(struct ifnet *, u_long, caddr_t); 109 void bridge_ifdetach(void *); 110 void bridge_spandetach(void *); 111 int bridge_input(struct ifnet *, struct mbuf *, void *); 112 void bridge_process(struct ifnet *, struct mbuf *); 113 void bridgeintr_frame(struct bridge_softc *, struct ifnet *, struct mbuf *); 114 void bridge_broadcast(struct bridge_softc *, struct ifnet *, 115 struct ether_header *, struct mbuf *); 116 void bridge_localbroadcast(struct bridge_softc *, struct ifnet *, 117 struct ether_header *, struct mbuf *); 118 void bridge_span(struct bridge_softc *, struct mbuf *); 119 void bridge_stop(struct bridge_softc *); 120 void bridge_init(struct bridge_softc *); 121 int bridge_bifconf(struct bridge_softc *, struct ifbifconf *); 122 int bridge_blocknonip(struct ether_header *, struct mbuf *); 123 void bridge_ifinput(struct ifnet *, struct mbuf *); 124 int bridge_dummy_output(struct ifnet *, struct mbuf *, struct sockaddr *, 125 struct rtentry *); 126 #ifdef IPSEC 127 int bridge_ipsec(struct bridge_softc *, struct ifnet *, 128 struct ether_header *, int, struct llc *, 129 int, int, int, struct mbuf *); 130 #endif 131 int bridge_clone_create(struct if_clone *, int); 132 int bridge_clone_destroy(struct ifnet *ifp); 133 int bridge_delete(struct bridge_softc *, struct bridge_iflist *); 134 135 #define ETHERADDR_IS_IP_MCAST(a) \ 136 /* struct etheraddr *a; */ \ 137 ((a)->ether_addr_octet[0] == 0x01 && \ 138 (a)->ether_addr_octet[1] == 0x00 && \ 139 (a)->ether_addr_octet[2] == 0x5e) 140 141 struct niqueue bridgeintrq = NIQUEUE_INITIALIZER(1024, NETISR_BRIDGE); 142 143 struct if_clone bridge_cloner = 144 IF_CLONE_INITIALIZER("bridge", bridge_clone_create, bridge_clone_destroy); 145 146 void 147 bridgeattach(int n) 148 { 149 if_clone_attach(&bridge_cloner); 150 } 151 152 int 153 bridge_clone_create(struct if_clone *ifc, int unit) 154 { 155 struct bridge_softc *sc; 156 struct ifnet *ifp; 157 int i; 158 159 sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK|M_ZERO); 160 sc->sc_stp = bstp_create(&sc->sc_if); 161 if (!sc->sc_stp) { 162 free(sc, M_DEVBUF, sizeof *sc); 163 return (ENOMEM); 164 } 165 166 sc->sc_brtmax = BRIDGE_RTABLE_MAX; 167 sc->sc_brttimeout = BRIDGE_RTABLE_TIMEOUT; 168 timeout_set(&sc->sc_brtimeout, bridge_rtage, sc); 169 TAILQ_INIT(&sc->sc_iflist); 170 TAILQ_INIT(&sc->sc_spanlist); 171 for (i = 0; i < BRIDGE_RTABLE_SIZE; i++) 172 LIST_INIT(&sc->sc_rts[i]); 173 arc4random_buf(&sc->sc_hashkey, sizeof(sc->sc_hashkey)); 174 ifp = &sc->sc_if; 175 snprintf(ifp->if_xname, sizeof ifp->if_xname, "%s%d", ifc->ifc_name, 176 unit); 177 ifp->if_softc = sc; 178 ifp->if_mtu = ETHERMTU; 179 ifp->if_ioctl = bridge_ioctl; 180 ifp->if_output = bridge_dummy_output; 181 ifp->if_xflags = IFXF_CLONED; 182 ifp->if_start = NULL; 183 ifp->if_type = IFT_BRIDGE; 184 ifp->if_hdrlen = ETHER_HDR_LEN; 185 186 if_attach(ifp); 187 if_alloc_sadl(ifp); 188 189 #if NBPFILTER > 0 190 bpfattach(&sc->sc_if.if_bpf, ifp, 191 DLT_EN10MB, ETHER_HDR_LEN); 192 #endif 193 194 if_ih_insert(ifp, ether_input, NULL); 195 196 return (0); 197 } 198 199 int 200 bridge_dummy_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, 201 struct rtentry *rt) 202 { 203 m_freem(m); 204 return (EAFNOSUPPORT); 205 } 206 207 int 208 bridge_clone_destroy(struct ifnet *ifp) 209 { 210 struct bridge_softc *sc = ifp->if_softc; 211 struct bridge_iflist *bif; 212 213 bridge_stop(sc); 214 bridge_rtflush(sc, IFBF_FLUSHALL); 215 while ((bif = TAILQ_FIRST(&sc->sc_iflist)) != NULL) 216 bridge_delete(sc, bif); 217 while ((bif = TAILQ_FIRST(&sc->sc_spanlist)) != NULL) 218 bridge_spandetach(bif); 219 220 bstp_destroy(sc->sc_stp); 221 222 /* Undo pseudo-driver changes. */ 223 if_deactivate(ifp); 224 225 if_ih_remove(ifp, ether_input, NULL); 226 227 KASSERT(SRPL_EMPTY_LOCKED(&ifp->if_inputs)); 228 229 if_detach(ifp); 230 231 free(sc, M_DEVBUF, sizeof *sc); 232 return (0); 233 } 234 235 int 236 bridge_delete(struct bridge_softc *sc, struct bridge_iflist *p) 237 { 238 int error; 239 240 if (p->bif_flags & IFBIF_STP) 241 bstp_delete(p->bif_stp); 242 243 p->ifp->if_bridgeport = NULL; 244 error = ifpromisc(p->ifp, 0); 245 hook_disestablish(p->ifp->if_detachhooks, p->bif_dhcookie); 246 247 if_ih_remove(p->ifp, bridge_input, NULL); 248 TAILQ_REMOVE(&sc->sc_iflist, p, next); 249 bridge_rtdelete(sc, p->ifp, 0); 250 bridge_flushrule(p); 251 free(p, M_DEVBUF, sizeof *p); 252 253 return (error); 254 } 255 256 int 257 bridge_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 258 { 259 struct bridge_softc *sc = (struct bridge_softc *)ifp->if_softc; 260 struct ifbreq *req = (struct ifbreq *)data; 261 struct ifbropreq *brop = (struct ifbropreq *)data; 262 struct ifnet *ifs; 263 struct bridge_iflist *p; 264 struct bstp_port *bp; 265 struct bstp_state *bs = sc->sc_stp; 266 int error = 0; 267 268 switch (cmd) { 269 case SIOCBRDGADD: 270 /* bridge(4) does not distinguish between routing/forwarding ports */ 271 case SIOCBRDGADDL: 272 if ((error = suser(curproc)) != 0) 273 break; 274 275 ifs = ifunit(req->ifbr_ifsname); 276 277 /* try to create the interface if it does't exist */ 278 if (ifs == NULL && if_clone_create(req->ifbr_ifsname, 0) == 0) 279 ifs = ifunit(req->ifbr_ifsname); 280 281 if (ifs == NULL) { /* no such interface */ 282 error = ENOENT; 283 break; 284 } 285 286 if (ifs->if_bridgeport != NULL) { 287 p = (struct bridge_iflist *)ifs->if_bridgeport; 288 if (p->bridge_sc == sc) 289 error = EEXIST; 290 else 291 error = EBUSY; 292 break; 293 } 294 295 /* If it's in the span list, it can't be a member. */ 296 TAILQ_FOREACH(p, &sc->sc_spanlist, next) 297 if (p->ifp == ifs) 298 break; 299 if (p != NULL) { 300 error = EBUSY; 301 break; 302 } 303 304 if (ifs->if_type == IFT_ETHER) { 305 error = ifpromisc(ifs, 1); 306 if (error != 0) 307 break; 308 } 309 #if NMPW > 0 310 else if (ifs->if_type == IFT_MPLSTUNNEL) { 311 /* Nothing needed */ 312 } 313 #endif /* NMPW */ 314 else { 315 error = EINVAL; 316 break; 317 } 318 319 p = malloc(sizeof(*p), M_DEVBUF, M_NOWAIT|M_ZERO); 320 if (p == NULL) { 321 if (ifs->if_type == IFT_ETHER) 322 ifpromisc(ifs, 0); 323 error = ENOMEM; 324 break; 325 } 326 327 p->bridge_sc = sc; 328 p->ifp = ifs; 329 p->bif_flags = IFBIF_LEARNING | IFBIF_DISCOVER; 330 SIMPLEQ_INIT(&p->bif_brlin); 331 SIMPLEQ_INIT(&p->bif_brlout); 332 ifs->if_bridgeport = (caddr_t)p; 333 p->bif_dhcookie = hook_establish(ifs->if_detachhooks, 0, 334 bridge_ifdetach, ifs); 335 if_ih_insert(p->ifp, bridge_input, NULL); 336 TAILQ_INSERT_TAIL(&sc->sc_iflist, p, next); 337 break; 338 case SIOCBRDGDEL: 339 if ((error = suser(curproc)) != 0) 340 break; 341 ifs = ifunit(req->ifbr_ifsname); 342 if (ifs == NULL) { 343 error = ENOENT; 344 break; 345 } 346 p = (struct bridge_iflist *)ifs->if_bridgeport; 347 if (p == NULL || p->bridge_sc != sc) { 348 error = ESRCH; 349 break; 350 } 351 error = bridge_delete(sc, p); 352 break; 353 case SIOCBRDGIFS: 354 error = bridge_bifconf(sc, (struct ifbifconf *)data); 355 break; 356 case SIOCBRDGADDS: 357 if ((error = suser(curproc)) != 0) 358 break; 359 ifs = ifunit(req->ifbr_ifsname); 360 if (ifs == NULL) { /* no such interface */ 361 error = ENOENT; 362 break; 363 } 364 if (ifs->if_bridgeport != NULL) { 365 error = EBUSY; 366 break; 367 } 368 TAILQ_FOREACH(p, &sc->sc_spanlist, next) { 369 if (p->ifp == ifs) 370 break; 371 } 372 if (p != NULL) { 373 error = EEXIST; 374 break; 375 } 376 p = malloc(sizeof(*p), M_DEVBUF, M_NOWAIT|M_ZERO); 377 if (p == NULL) { 378 error = ENOMEM; 379 break; 380 } 381 p->ifp = ifs; 382 p->bif_flags = IFBIF_SPAN; 383 p->bridge_sc = sc; 384 p->bif_dhcookie = hook_establish(ifs->if_detachhooks, 0, 385 bridge_spandetach, p); 386 SIMPLEQ_INIT(&p->bif_brlin); 387 SIMPLEQ_INIT(&p->bif_brlout); 388 TAILQ_INSERT_TAIL(&sc->sc_spanlist, p, next); 389 break; 390 case SIOCBRDGDELS: 391 if ((error = suser(curproc)) != 0) 392 break; 393 TAILQ_FOREACH(p, &sc->sc_spanlist, next) { 394 if (strncmp(p->ifp->if_xname, req->ifbr_ifsname, 395 sizeof(p->ifp->if_xname)) == 0) { 396 bridge_spandetach(p); 397 break; 398 } 399 } 400 if (p == NULL) { 401 error = ENOENT; 402 break; 403 } 404 break; 405 case SIOCBRDGGIFFLGS: 406 ifs = ifunit(req->ifbr_ifsname); 407 if (ifs == NULL) { 408 error = ENOENT; 409 break; 410 } 411 p = (struct bridge_iflist *)ifs->if_bridgeport; 412 if (p == NULL || p->bridge_sc != sc) { 413 error = ESRCH; 414 break; 415 } 416 req->ifbr_ifsflags = p->bif_flags; 417 req->ifbr_portno = p->ifp->if_index & 0xfff; 418 req->ifbr_protected = p->bif_protected; 419 if (p->bif_flags & IFBIF_STP) { 420 bp = p->bif_stp; 421 req->ifbr_state = bstp_getstate(bs, bp); 422 req->ifbr_priority = bp->bp_priority; 423 req->ifbr_path_cost = bp->bp_path_cost; 424 req->ifbr_proto = bp->bp_protover; 425 req->ifbr_role = bp->bp_role; 426 req->ifbr_stpflags = bp->bp_flags; 427 req->ifbr_fwd_trans = bp->bp_forward_transitions; 428 req->ifbr_desg_bridge = bp->bp_desg_pv.pv_dbridge_id; 429 req->ifbr_desg_port = bp->bp_desg_pv.pv_dport_id; 430 req->ifbr_root_bridge = bp->bp_desg_pv.pv_root_id; 431 req->ifbr_root_cost = bp->bp_desg_pv.pv_cost; 432 req->ifbr_root_port = bp->bp_desg_pv.pv_port_id; 433 434 /* Copy STP state options as flags */ 435 if (bp->bp_operedge) 436 req->ifbr_ifsflags |= IFBIF_BSTP_EDGE; 437 if (bp->bp_flags & BSTP_PORT_AUTOEDGE) 438 req->ifbr_ifsflags |= IFBIF_BSTP_AUTOEDGE; 439 if (bp->bp_ptp_link) 440 req->ifbr_ifsflags |= IFBIF_BSTP_PTP; 441 if (bp->bp_flags & BSTP_PORT_AUTOPTP) 442 req->ifbr_ifsflags |= IFBIF_BSTP_AUTOPTP; 443 } 444 break; 445 case SIOCBRDGSIFFLGS: 446 if ((error = suser(curproc)) != 0) 447 break; 448 ifs = ifunit(req->ifbr_ifsname); 449 if (ifs == NULL) { 450 error = ENOENT; 451 break; 452 } 453 p = (struct bridge_iflist *)ifs->if_bridgeport; 454 if (p == NULL || p->bridge_sc != sc) { 455 error = ESRCH; 456 break; 457 } 458 if (req->ifbr_ifsflags & IFBIF_RO_MASK) { 459 error = EINVAL; 460 break; 461 } 462 if (req->ifbr_ifsflags & IFBIF_STP) { 463 if ((p->bif_flags & IFBIF_STP) == 0) { 464 /* Enable STP */ 465 if ((p->bif_stp = bstp_add(sc->sc_stp, 466 p->ifp)) == NULL) { 467 error = ENOMEM; 468 break; 469 } 470 } else { 471 /* Update STP flags */ 472 bstp_ifsflags(p->bif_stp, req->ifbr_ifsflags); 473 } 474 } else if (p->bif_flags & IFBIF_STP) { 475 bstp_delete(p->bif_stp); 476 p->bif_stp = NULL; 477 } 478 p->bif_flags = req->ifbr_ifsflags; 479 break; 480 case SIOCSIFFLAGS: 481 if ((ifp->if_flags & IFF_UP) == IFF_UP) 482 bridge_init(sc); 483 484 if ((ifp->if_flags & IFF_UP) == 0) 485 bridge_stop(sc); 486 487 break; 488 case SIOCBRDGGPARAM: 489 if ((bp = bs->bs_root_port) == NULL) 490 brop->ifbop_root_port = 0; 491 else 492 brop->ifbop_root_port = bp->bp_ifp->if_index; 493 brop->ifbop_maxage = bs->bs_bridge_max_age >> 8; 494 brop->ifbop_hellotime = bs->bs_bridge_htime >> 8; 495 brop->ifbop_fwddelay = bs->bs_bridge_fdelay >> 8; 496 brop->ifbop_holdcount = bs->bs_txholdcount; 497 brop->ifbop_priority = bs->bs_bridge_priority; 498 brop->ifbop_protocol = bs->bs_protover; 499 brop->ifbop_root_bridge = bs->bs_root_pv.pv_root_id; 500 brop->ifbop_root_path_cost = bs->bs_root_pv.pv_cost; 501 brop->ifbop_root_port = bs->bs_root_pv.pv_port_id; 502 brop->ifbop_desg_bridge = bs->bs_root_pv.pv_dbridge_id; 503 brop->ifbop_last_tc_time.tv_sec = bs->bs_last_tc_time.tv_sec; 504 brop->ifbop_last_tc_time.tv_usec = bs->bs_last_tc_time.tv_usec; 505 break; 506 case SIOCBRDGSIFPROT: 507 ifs = ifunit(req->ifbr_ifsname); 508 if (ifs == NULL) { 509 error = ENOENT; 510 break; 511 } 512 p = (struct bridge_iflist *)ifs->if_bridgeport; 513 if (p == NULL || p->bridge_sc != sc) { 514 error = ESRCH; 515 break; 516 } 517 p->bif_protected = req->ifbr_protected; 518 break; 519 case SIOCBRDGRTS: 520 case SIOCBRDGGCACHE: 521 case SIOCBRDGGPRI: 522 case SIOCBRDGGMA: 523 case SIOCBRDGGHT: 524 case SIOCBRDGGFD: 525 case SIOCBRDGGTO: 526 case SIOCBRDGGRL: 527 break; 528 case SIOCBRDGFLUSH: 529 case SIOCBRDGSADDR: 530 case SIOCBRDGDADDR: 531 case SIOCBRDGSCACHE: 532 case SIOCBRDGSTO: 533 case SIOCBRDGARL: 534 case SIOCBRDGFRL: 535 case SIOCBRDGSPRI: 536 case SIOCBRDGSFD: 537 case SIOCBRDGSMA: 538 case SIOCBRDGSHT: 539 case SIOCBRDGSTXHC: 540 case SIOCBRDGSPROTO: 541 case SIOCBRDGSIFPRIO: 542 case SIOCBRDGSIFCOST: 543 error = suser(curproc); 544 break; 545 default: 546 error = ENOTTY; 547 break; 548 } 549 550 if (!error) 551 error = bridgectl_ioctl(ifp, cmd, data); 552 553 if (!error) 554 error = bstp_ioctl(ifp, cmd, data); 555 556 return (error); 557 } 558 559 /* Detach an interface from a bridge. */ 560 void 561 bridge_ifdetach(void *arg) 562 { 563 struct ifnet *ifp = (struct ifnet *)arg; 564 struct bridge_softc *sc; 565 struct bridge_iflist *bif; 566 567 bif = (struct bridge_iflist *)ifp->if_bridgeport; 568 sc = bif->bridge_sc; 569 570 bridge_delete(sc, bif); 571 } 572 573 void 574 bridge_spandetach(void *arg) 575 { 576 struct bridge_iflist *p = (struct bridge_iflist *)arg; 577 struct bridge_softc *sc = p->bridge_sc; 578 579 hook_disestablish(p->ifp->if_detachhooks, p->bif_dhcookie); 580 TAILQ_REMOVE(&sc->sc_spanlist, p, next); 581 free(p, M_DEVBUF, sizeof(*p)); 582 } 583 584 int 585 bridge_bifconf(struct bridge_softc *sc, struct ifbifconf *bifc) 586 { 587 struct bridge_iflist *p; 588 struct bstp_port *bp; 589 struct bstp_state *bs = sc->sc_stp; 590 u_int32_t total = 0, i = 0; 591 int error = 0; 592 struct ifbreq *breq = NULL; 593 594 TAILQ_FOREACH(p, &sc->sc_iflist, next) 595 total++; 596 597 TAILQ_FOREACH(p, &sc->sc_spanlist, next) 598 total++; 599 600 if (bifc->ifbic_len == 0) { 601 i = total; 602 goto done; 603 } 604 605 if ((breq = (struct ifbreq *) 606 malloc(sizeof(*breq), M_DEVBUF, M_NOWAIT)) == NULL) 607 goto done; 608 609 TAILQ_FOREACH(p, &sc->sc_iflist, next) { 610 bzero(breq, sizeof(*breq)); 611 if (bifc->ifbic_len < sizeof(*breq)) 612 break; 613 strlcpy(breq->ifbr_name, sc->sc_if.if_xname, IFNAMSIZ); 614 strlcpy(breq->ifbr_ifsname, p->ifp->if_xname, IFNAMSIZ); 615 breq->ifbr_ifsflags = p->bif_flags; 616 breq->ifbr_portno = p->ifp->if_index & 0xfff; 617 breq->ifbr_protected = p->bif_protected; 618 if (p->bif_flags & IFBIF_STP) { 619 bp = p->bif_stp; 620 breq->ifbr_state = bstp_getstate(sc->sc_stp, bp); 621 breq->ifbr_priority = bp->bp_priority; 622 breq->ifbr_path_cost = bp->bp_path_cost; 623 breq->ifbr_proto = bp->bp_protover; 624 breq->ifbr_role = bp->bp_role; 625 breq->ifbr_stpflags = bp->bp_flags; 626 breq->ifbr_fwd_trans = bp->bp_forward_transitions; 627 breq->ifbr_root_bridge = bs->bs_root_pv.pv_root_id; 628 breq->ifbr_root_cost = bs->bs_root_pv.pv_cost; 629 breq->ifbr_root_port = bs->bs_root_pv.pv_port_id; 630 breq->ifbr_desg_bridge = bs->bs_root_pv.pv_dbridge_id; 631 breq->ifbr_desg_port = bs->bs_root_pv.pv_dport_id; 632 633 /* Copy STP state options as flags */ 634 if (bp->bp_operedge) 635 breq->ifbr_ifsflags |= IFBIF_BSTP_EDGE; 636 if (bp->bp_flags & BSTP_PORT_AUTOEDGE) 637 breq->ifbr_ifsflags |= IFBIF_BSTP_AUTOEDGE; 638 if (bp->bp_ptp_link) 639 breq->ifbr_ifsflags |= IFBIF_BSTP_PTP; 640 if (bp->bp_flags & BSTP_PORT_AUTOPTP) 641 breq->ifbr_ifsflags |= IFBIF_BSTP_AUTOPTP; 642 } 643 error = copyout((caddr_t)breq, 644 (caddr_t)(bifc->ifbic_req + i), sizeof(*breq)); 645 if (error) 646 goto done; 647 i++; 648 bifc->ifbic_len -= sizeof(*breq); 649 } 650 TAILQ_FOREACH(p, &sc->sc_spanlist, next) { 651 bzero(breq, sizeof(*breq)); 652 if (bifc->ifbic_len < sizeof(*breq)) 653 break; 654 strlcpy(breq->ifbr_name, sc->sc_if.if_xname, IFNAMSIZ); 655 strlcpy(breq->ifbr_ifsname, p->ifp->if_xname, IFNAMSIZ); 656 breq->ifbr_ifsflags = p->bif_flags | IFBIF_SPAN; 657 breq->ifbr_portno = p->ifp->if_index & 0xfff; 658 error = copyout((caddr_t)breq, 659 (caddr_t)(bifc->ifbic_req + i), sizeof(*breq)); 660 if (error) 661 goto done; 662 i++; 663 bifc->ifbic_len -= sizeof(*breq); 664 } 665 666 done: 667 if (breq != NULL) 668 free(breq, M_DEVBUF, sizeof *breq); 669 bifc->ifbic_len = i * sizeof(*breq); 670 return (error); 671 } 672 673 void 674 bridge_init(struct bridge_softc *sc) 675 { 676 struct ifnet *ifp = &sc->sc_if; 677 678 if ((ifp->if_flags & IFF_RUNNING) == IFF_RUNNING) 679 return; 680 681 ifp->if_flags |= IFF_RUNNING; 682 bstp_initialization(sc->sc_stp); 683 684 if (sc->sc_brttimeout != 0) 685 timeout_add_sec(&sc->sc_brtimeout, sc->sc_brttimeout); 686 } 687 688 /* 689 * Stop the bridge and deallocate the routing table. 690 */ 691 void 692 bridge_stop(struct bridge_softc *sc) 693 { 694 struct ifnet *ifp = &sc->sc_if; 695 696 /* 697 * If we're not running, there's nothing to do. 698 */ 699 if ((ifp->if_flags & IFF_RUNNING) == 0) 700 return; 701 702 timeout_del(&sc->sc_brtimeout); 703 704 bridge_rtflush(sc, IFBF_FLUSHDYN); 705 706 ifp->if_flags &= ~IFF_RUNNING; 707 } 708 709 /* 710 * Send output from the bridge. The mbuf has the ethernet header 711 * already attached. We must enqueue or free the mbuf before exiting. 712 */ 713 int 714 bridge_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa, 715 struct rtentry *rt) 716 { 717 struct ether_header *eh; 718 struct ifnet *dst_if = NULL; 719 struct bridge_rtnode *dst_p = NULL; 720 struct ether_addr *dst; 721 struct bridge_softc *sc; 722 struct bridge_tunneltag *brtag; 723 struct bridge_iflist *ifl; 724 int error; 725 726 /* ifp must be a member interface of the bridge. */ 727 if (ifp->if_bridgeport == NULL) { 728 m_freem(m); 729 return (EINVAL); 730 } 731 sc = ((struct bridge_iflist *)ifp->if_bridgeport)->bridge_sc; 732 733 if (m->m_len < sizeof(*eh)) { 734 m = m_pullup(m, sizeof(*eh)); 735 if (m == NULL) 736 return (ENOBUFS); 737 } 738 eh = mtod(m, struct ether_header *); 739 dst = (struct ether_addr *)&eh->ether_dhost[0]; 740 741 /* 742 * If bridge is down, but original output interface is up, 743 * go ahead and send out that interface. Otherwise the packet 744 * is dropped below. 745 */ 746 if ((sc->sc_if.if_flags & IFF_RUNNING) == 0) { 747 dst_if = ifp; 748 goto sendunicast; 749 } 750 751 #if NBPFILTER > 0 752 if (sc->sc_if.if_bpf) 753 bpf_mtap(sc->sc_if.if_bpf, m, BPF_DIRECTION_OUT); 754 #endif 755 ifp->if_opackets++; 756 ifp->if_obytes += m->m_pkthdr.len; 757 758 /* 759 * If the packet is a broadcast or we don't know a better way to 760 * get there, send to all interfaces. 761 */ 762 if ((dst_p = bridge_rtlookup(sc, dst)) != NULL) 763 dst_if = dst_p->brt_if; 764 if (dst_if == NULL || ETHER_IS_MULTICAST(eh->ether_dhost)) { 765 struct bridge_iflist *p; 766 struct mbuf *mc; 767 int used = 0; 768 769 bridge_span(sc, m); 770 771 TAILQ_FOREACH(p, &sc->sc_iflist, next) { 772 dst_if = p->ifp; 773 if ((dst_if->if_flags & IFF_RUNNING) == 0) 774 continue; 775 776 /* 777 * If this is not the original output interface, 778 * and the interface is participating in spanning 779 * tree, make sure the port is in a state that 780 * allows forwarding. 781 */ 782 if (dst_if != ifp && 783 (p->bif_flags & IFBIF_STP) && 784 (p->bif_state == BSTP_IFSTATE_DISCARDING)) 785 continue; 786 #if NMPW > 0 787 /* 788 * Split horizon: avoid broadcasting messages from 789 * wire to another wire. 790 */ 791 if (ifp->if_type == IFT_MPLSTUNNEL && 792 dst_if->if_type == IFT_MPLSTUNNEL) 793 continue; 794 #endif /* NMPW */ 795 if ((p->bif_flags & IFBIF_DISCOVER) == 0 && 796 (m->m_flags & (M_BCAST | M_MCAST)) == 0) 797 continue; 798 799 if (TAILQ_NEXT(p, next) == NULL) { 800 used = 1; 801 mc = m; 802 } else { 803 mc = m_dup_pkt(m, ETHER_ALIGN, M_NOWAIT); 804 if (mc == NULL) { 805 sc->sc_if.if_oerrors++; 806 continue; 807 } 808 } 809 810 ifl = (struct bridge_iflist *)dst_if->if_bridgeport; 811 KASSERT(ifl != NULL); 812 if (bridge_filterrule(&ifl->bif_brlout, eh, mc) == 813 BRL_ACTION_BLOCK) 814 continue; 815 816 error = bridge_ifenqueue(sc, dst_if, mc); 817 if (error) 818 continue; 819 } 820 if (!used) 821 m_freem(m); 822 return (0); 823 } 824 825 sendunicast: 826 if ((dst_p != NULL) && 827 (dst_p->brt_tunnel.brtag_peer.sa.sa_family != AF_UNSPEC) && 828 ((brtag = bridge_tunneltag(m)) != NULL)) 829 bridge_copytag(&dst_p->brt_tunnel, brtag); 830 831 bridge_span(sc, m); 832 if ((dst_if->if_flags & IFF_RUNNING) == 0) { 833 m_freem(m); 834 return (ENETDOWN); 835 } 836 bridge_ifenqueue(sc, dst_if, m); 837 return (0); 838 } 839 840 /* 841 * Loop through each bridge interface and process their input queues. 842 */ 843 void 844 bridgeintr(void) 845 { 846 struct mbuf_list ml; 847 struct mbuf *m; 848 struct ifnet *ifp; 849 850 niq_delist(&bridgeintrq, &ml); 851 if (ml_empty(&ml)) 852 return; 853 854 while ((m = ml_dequeue(&ml)) != NULL) { 855 856 ifp = if_get(m->m_pkthdr.ph_ifidx); 857 if (ifp == NULL) { 858 m_freem(m); 859 continue; 860 } 861 862 bridge_process(ifp, m); 863 864 if_put(ifp); 865 } 866 } 867 868 /* 869 * Process a single frame. Frame must be freed or queued before returning. 870 */ 871 void 872 bridgeintr_frame(struct bridge_softc *sc, struct ifnet *src_if, struct mbuf *m) 873 { 874 struct ifnet *dst_if; 875 struct bridge_iflist *ifl; 876 struct bridge_rtnode *dst_p; 877 struct ether_addr *dst, *src; 878 struct ether_header eh; 879 u_int32_t protected; 880 int len; 881 882 883 sc->sc_if.if_ipackets++; 884 sc->sc_if.if_ibytes += m->m_pkthdr.len; 885 886 ifl = (struct bridge_iflist *)src_if->if_bridgeport; 887 KASSERT(ifl != NULL); 888 889 if (m->m_pkthdr.len < sizeof(eh)) { 890 m_freem(m); 891 return; 892 } 893 m_copydata(m, 0, ETHER_HDR_LEN, (caddr_t)&eh); 894 dst = (struct ether_addr *)&eh.ether_dhost[0]; 895 src = (struct ether_addr *)&eh.ether_shost[0]; 896 897 /* 898 * If interface is learning, and if source address 899 * is not broadcast or multicast, record its address. 900 */ 901 if ((ifl->bif_flags & IFBIF_LEARNING) && 902 (eh.ether_shost[0] & 1) == 0 && 903 !(eh.ether_shost[0] == 0 && eh.ether_shost[1] == 0 && 904 eh.ether_shost[2] == 0 && eh.ether_shost[3] == 0 && 905 eh.ether_shost[4] == 0 && eh.ether_shost[5] == 0)) 906 bridge_rtupdate(sc, src, src_if, 0, IFBAF_DYNAMIC, m); 907 908 if ((ifl->bif_flags & IFBIF_STP) && 909 (ifl->bif_state == BSTP_IFSTATE_LEARNING)) { 910 m_freem(m); 911 return; 912 } 913 914 /* 915 * At this point, the port either doesn't participate in stp or 916 * it's in the forwarding state 917 */ 918 919 /* 920 * If packet is unicast, destined for someone on "this" 921 * side of the bridge, drop it. 922 */ 923 if (!ETHER_IS_MULTICAST(eh.ether_dhost)) { 924 if ((dst_p = bridge_rtlookup(sc, dst)) != NULL) 925 dst_if = dst_p->brt_if; 926 else 927 dst_if = NULL; 928 if (dst_if == src_if) { 929 m_freem(m); 930 return; 931 } 932 } else { 933 if (memcmp(etherbroadcastaddr, eh.ether_dhost, 934 sizeof(etherbroadcastaddr)) == 0) 935 m->m_flags |= M_BCAST; 936 else 937 m->m_flags |= M_MCAST; 938 dst_if = NULL; 939 } 940 941 /* 942 * Multicast packets get handled a little differently: 943 * If interface is: 944 * -link0,-link1 (default) Forward all multicast 945 * as broadcast. 946 * -link0,link1 Drop non-IP multicast, forward 947 * as broadcast IP multicast. 948 * link0,-link1 Drop IP multicast, forward as 949 * broadcast non-IP multicast. 950 * link0,link1 Drop all multicast. 951 */ 952 if (m->m_flags & M_MCAST) { 953 if ((sc->sc_if.if_flags & 954 (IFF_LINK0 | IFF_LINK1)) == 955 (IFF_LINK0 | IFF_LINK1)) { 956 m_freem(m); 957 return; 958 } 959 if (sc->sc_if.if_flags & IFF_LINK0 && 960 ETHERADDR_IS_IP_MCAST(dst)) { 961 m_freem(m); 962 return; 963 } 964 if (sc->sc_if.if_flags & IFF_LINK1 && 965 !ETHERADDR_IS_IP_MCAST(dst)) { 966 m_freem(m); 967 return; 968 } 969 } 970 971 if (ifl->bif_flags & IFBIF_BLOCKNONIP && bridge_blocknonip(&eh, m)) { 972 m_freem(m); 973 return; 974 } 975 976 if (bridge_filterrule(&ifl->bif_brlin, &eh, m) == BRL_ACTION_BLOCK) { 977 m_freem(m); 978 return; 979 } 980 m = bridge_ip(sc, BRIDGE_IN, src_if, &eh, m); 981 if (m == NULL) 982 return; 983 /* 984 * If the packet is a multicast or broadcast OR if we don't 985 * know any better, forward it to all interfaces. 986 */ 987 if ((m->m_flags & (M_BCAST | M_MCAST)) || dst_if == NULL) { 988 sc->sc_if.if_imcasts++; 989 bridge_broadcast(sc, src_if, &eh, m); 990 return; 991 } 992 protected = ifl->bif_protected; 993 994 /* 995 * At this point, we're dealing with a unicast frame going to a 996 * different interface 997 */ 998 if ((dst_if->if_flags & IFF_RUNNING) == 0) { 999 m_freem(m); 1000 return; 1001 } 1002 ifl = (struct bridge_iflist *)dst_if->if_bridgeport; 1003 if ((ifl->bif_flags & IFBIF_STP) && 1004 (ifl->bif_state == BSTP_IFSTATE_DISCARDING)) { 1005 m_freem(m); 1006 return; 1007 } 1008 /* 1009 * Do not transmit if both ports are part of the same protected 1010 * domain. 1011 */ 1012 if (protected != 0 && (protected & ifl->bif_protected)) { 1013 m_freem(m); 1014 return; 1015 } 1016 if (bridge_filterrule(&ifl->bif_brlout, &eh, m) == BRL_ACTION_BLOCK) { 1017 m_freem(m); 1018 return; 1019 } 1020 m = bridge_ip(sc, BRIDGE_OUT, dst_if, &eh, m); 1021 if (m == NULL) 1022 return; 1023 1024 len = m->m_pkthdr.len; 1025 #if NVLAN > 0 1026 if ((m->m_flags & M_VLANTAG) && 1027 (dst_if->if_capabilities & IFCAP_VLAN_HWTAGGING) == 0) 1028 len += ETHER_VLAN_ENCAP_LEN; 1029 #endif 1030 if ((len - ETHER_HDR_LEN) > dst_if->if_mtu) 1031 bridge_fragment(sc, dst_if, &eh, m); 1032 else { 1033 bridge_ifenqueue(sc, dst_if, m); 1034 } 1035 } 1036 1037 /* 1038 * Return 1 if `ena' belongs to `ifl', 0 otherwise. 1039 */ 1040 int 1041 bridge_ourether(struct bridge_iflist *ifl, uint8_t *ena) 1042 { 1043 struct arpcom *ac = (struct arpcom *)ifl->ifp; 1044 1045 if (memcmp(ac->ac_enaddr, ena, ETHER_ADDR_LEN) == 0) 1046 return (1); 1047 1048 #if NCARP > 0 1049 if (carp_ourether(ifl->ifp, ena)) 1050 return (1); 1051 #endif 1052 1053 return (0); 1054 } 1055 1056 /* 1057 * Receive input from an interface. Queue the packet for bridging if its 1058 * not for us, and schedule an interrupt. 1059 */ 1060 int 1061 bridge_input(struct ifnet *ifp, struct mbuf *m, void *cookie) 1062 { 1063 KASSERT(m->m_flags & M_PKTHDR); 1064 1065 if (m->m_flags & M_PROTO1) { 1066 m->m_flags &= ~M_PROTO1; 1067 return (0); 1068 } 1069 1070 niq_enqueue(&bridgeintrq, m); 1071 1072 return (1); 1073 } 1074 1075 void 1076 bridge_process(struct ifnet *ifp, struct mbuf *m) 1077 { 1078 struct bridge_softc *sc; 1079 struct bridge_iflist *ifl; 1080 struct bridge_iflist *srcifl; 1081 struct ether_header *eh; 1082 struct mbuf *mc; 1083 1084 ifl = (struct bridge_iflist *)ifp->if_bridgeport; 1085 if (ifl == NULL) 1086 goto reenqueue; 1087 1088 sc = ifl->bridge_sc; 1089 if ((sc->sc_if.if_flags & (IFF_UP|IFF_RUNNING)) != (IFF_UP|IFF_RUNNING)) 1090 goto reenqueue; 1091 1092 #if NVLAN > 0 1093 /* 1094 * If the underlying interface removed the VLAN header itself, 1095 * add it back. 1096 */ 1097 if (ISSET(m->m_flags, M_VLANTAG)) { 1098 m = vlan_inject(m, ETHERTYPE_VLAN, m->m_pkthdr.ether_vtag); 1099 if (m == NULL) 1100 return; 1101 } 1102 #endif 1103 1104 #if NBPFILTER > 0 1105 if (sc->sc_if.if_bpf) 1106 bpf_mtap_ether(sc->sc_if.if_bpf, m, BPF_DIRECTION_IN); 1107 #endif 1108 1109 bridge_span(sc, m); 1110 1111 eh = mtod(m, struct ether_header *); 1112 if (ETHER_IS_MULTICAST(eh->ether_dhost)) { 1113 /* 1114 * Reserved destination MAC addresses (01:80:C2:00:00:0x) 1115 * should not be forwarded to bridge members according to 1116 * section 7.12.6 of the 802.1D-2004 specification. The 1117 * STP destination address (as stored in bstp_etheraddr) 1118 * is the first of these. 1119 */ 1120 if (memcmp(eh->ether_dhost, bstp_etheraddr, 1121 ETHER_ADDR_LEN - 1) == 0) { 1122 if (eh->ether_dhost[ETHER_ADDR_LEN - 1] == 0) { 1123 /* STP traffic */ 1124 if ((m = bstp_input(sc->sc_stp, ifl->bif_stp, 1125 eh, m)) == NULL) 1126 return; 1127 } else if (eh->ether_dhost[ETHER_ADDR_LEN - 1] <= 0xf) { 1128 m_freem(m); 1129 return; 1130 } 1131 } 1132 1133 /* 1134 * No need to process frames for ifs in the discarding state 1135 */ 1136 if ((ifl->bif_flags & IFBIF_STP) && 1137 (ifl->bif_state == BSTP_IFSTATE_DISCARDING)) 1138 goto reenqueue; 1139 1140 mc = m_dup_pkt(m, ETHER_ALIGN, M_NOWAIT); 1141 if (mc == NULL) 1142 goto reenqueue; 1143 1144 bridge_ifinput(ifp, mc); 1145 1146 bridgeintr_frame(sc, ifp, m); 1147 return; 1148 } 1149 1150 /* 1151 * No need to queue frames for ifs in the discarding state 1152 */ 1153 if ((ifl->bif_flags & IFBIF_STP) && 1154 (ifl->bif_state == BSTP_IFSTATE_DISCARDING)) 1155 goto reenqueue; 1156 1157 /* 1158 * Unicast, make sure it's not for us. 1159 */ 1160 srcifl = ifl; 1161 TAILQ_FOREACH(ifl, &sc->sc_iflist, next) { 1162 if (ifl->ifp->if_type != IFT_ETHER) 1163 continue; 1164 if (bridge_ourether(ifl, eh->ether_dhost)) { 1165 if (srcifl->bif_flags & IFBIF_LEARNING) 1166 bridge_rtupdate(sc, 1167 (struct ether_addr *)&eh->ether_shost, 1168 ifp, 0, IFBAF_DYNAMIC, m); 1169 if (bridge_filterrule(&srcifl->bif_brlin, eh, m) == 1170 BRL_ACTION_BLOCK) { 1171 m_freem(m); 1172 return; 1173 } 1174 1175 /* Count for the bridge */ 1176 sc->sc_if.if_ipackets++; 1177 sc->sc_if.if_ibytes += m->m_pkthdr.len; 1178 1179 bridge_ifinput(ifl->ifp, m); 1180 return; 1181 } 1182 if (bridge_ourether(ifl, eh->ether_shost)) { 1183 m_freem(m); 1184 return; 1185 } 1186 } 1187 1188 bridgeintr_frame(sc, ifp, m); 1189 return; 1190 1191 reenqueue: 1192 bridge_ifinput(ifp, m); 1193 } 1194 1195 /* 1196 * Send a frame to all interfaces that are members of the bridge 1197 * (except the one it came in on). 1198 */ 1199 void 1200 bridge_broadcast(struct bridge_softc *sc, struct ifnet *ifp, 1201 struct ether_header *eh, struct mbuf *m) 1202 { 1203 struct bridge_iflist *p; 1204 struct mbuf *mc; 1205 struct ifnet *dst_if; 1206 int len, used = 0; 1207 u_int32_t protected; 1208 1209 p = (struct bridge_iflist *)ifp->if_bridgeport; 1210 protected = p->bif_protected; 1211 1212 TAILQ_FOREACH(p, &sc->sc_iflist, next) { 1213 dst_if = p->ifp; 1214 1215 if ((dst_if->if_flags & IFF_RUNNING) == 0) 1216 continue; 1217 1218 if ((p->bif_flags & IFBIF_STP) && 1219 (p->bif_state == BSTP_IFSTATE_DISCARDING)) 1220 continue; 1221 1222 if ((p->bif_flags & IFBIF_DISCOVER) == 0 && 1223 (m->m_flags & (M_BCAST | M_MCAST)) == 0) 1224 continue; 1225 1226 /* Drop non-IP frames if the appropriate flag is set. */ 1227 if (p->bif_flags & IFBIF_BLOCKNONIP && 1228 bridge_blocknonip(eh, m)) 1229 continue; 1230 1231 /* 1232 * Do not transmit if both ports are part of the same 1233 * protected domain. 1234 */ 1235 if (protected != 0 && (protected & p->bif_protected)) 1236 continue; 1237 1238 if (bridge_filterrule(&p->bif_brlout, eh, m) == BRL_ACTION_BLOCK) 1239 continue; 1240 1241 /* 1242 * Don't retransmit out of the same interface where 1243 * the packet was received from. 1244 */ 1245 if (dst_if->if_index == ifp->if_index) 1246 continue; 1247 1248 bridge_localbroadcast(sc, dst_if, eh, m); 1249 1250 #if NMPW > 0 1251 /* 1252 * Split horizon: avoid broadcasting messages from wire to 1253 * another wire. 1254 */ 1255 if (ifp->if_type == IFT_MPLSTUNNEL && 1256 dst_if->if_type == IFT_MPLSTUNNEL) 1257 continue; 1258 #endif /* NMPW */ 1259 1260 /* If last one, reuse the passed-in mbuf */ 1261 if (TAILQ_NEXT(p, next) == NULL) { 1262 mc = m; 1263 used = 1; 1264 } else { 1265 mc = m_dup_pkt(m, ETHER_ALIGN, M_NOWAIT); 1266 if (mc == NULL) { 1267 sc->sc_if.if_oerrors++; 1268 continue; 1269 } 1270 } 1271 1272 mc = bridge_ip(sc, BRIDGE_OUT, dst_if, eh, mc); 1273 if (mc == NULL) 1274 continue; 1275 1276 len = mc->m_pkthdr.len; 1277 #if NVLAN > 0 1278 if ((mc->m_flags & M_VLANTAG) && 1279 (dst_if->if_capabilities & IFCAP_VLAN_HWTAGGING) == 0) 1280 len += ETHER_VLAN_ENCAP_LEN; 1281 #endif 1282 if ((len - ETHER_HDR_LEN) > dst_if->if_mtu) 1283 bridge_fragment(sc, dst_if, eh, mc); 1284 else { 1285 bridge_ifenqueue(sc, dst_if, mc); 1286 } 1287 } 1288 1289 if (!used) 1290 m_freem(m); 1291 } 1292 1293 void 1294 bridge_localbroadcast(struct bridge_softc *sc, struct ifnet *ifp, 1295 struct ether_header *eh, struct mbuf *m) 1296 { 1297 struct mbuf *m1; 1298 u_int16_t etype; 1299 1300 /* 1301 * quick optimisation, don't send packets up the stack if no 1302 * corresponding address has been specified. 1303 */ 1304 etype = ntohs(eh->ether_type); 1305 if (!(m->m_flags & M_VLANTAG) && etype == ETHERTYPE_IP) { 1306 struct ifaddr *ifa; 1307 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 1308 if (ifa->ifa_addr->sa_family == AF_INET) 1309 break; 1310 } 1311 if (ifa == NULL) 1312 return; 1313 } 1314 1315 m1 = m_dup_pkt(m, ETHER_ALIGN, M_NOWAIT); 1316 if (m1 == NULL) { 1317 sc->sc_if.if_oerrors++; 1318 return; 1319 } 1320 1321 #if NPF > 0 1322 pf_pkt_addr_changed(m1); 1323 #endif /* NPF */ 1324 1325 bridge_ifinput(ifp, m1); 1326 } 1327 1328 void 1329 bridge_span(struct bridge_softc *sc, struct mbuf *m) 1330 { 1331 struct bridge_iflist *p; 1332 struct ifnet *ifp; 1333 struct mbuf *mc; 1334 int error; 1335 1336 TAILQ_FOREACH(p, &sc->sc_spanlist, next) { 1337 ifp = p->ifp; 1338 1339 if ((ifp->if_flags & IFF_RUNNING) == 0) 1340 continue; 1341 1342 mc = m_copym(m, 0, M_COPYALL, M_DONTWAIT); 1343 if (mc == NULL) { 1344 sc->sc_if.if_oerrors++; 1345 continue; 1346 } 1347 1348 error = bridge_ifenqueue(sc, ifp, mc); 1349 if (error) 1350 continue; 1351 } 1352 } 1353 1354 /* 1355 * Block non-ip frames: 1356 * Returns 0 if frame is ip, and 1 if it should be dropped. 1357 */ 1358 int 1359 bridge_blocknonip(struct ether_header *eh, struct mbuf *m) 1360 { 1361 struct llc llc; 1362 u_int16_t etype; 1363 1364 if (m->m_pkthdr.len < ETHER_HDR_LEN) 1365 return (1); 1366 1367 #if NVLAN > 0 1368 if (m->m_flags & M_VLANTAG) 1369 return (1); 1370 #endif 1371 1372 etype = ntohs(eh->ether_type); 1373 switch (etype) { 1374 case ETHERTYPE_ARP: 1375 case ETHERTYPE_REVARP: 1376 case ETHERTYPE_IP: 1377 case ETHERTYPE_IPV6: 1378 return (0); 1379 } 1380 1381 if (etype > ETHERMTU) 1382 return (1); 1383 1384 if (m->m_pkthdr.len < 1385 (ETHER_HDR_LEN + LLC_SNAPFRAMELEN)) 1386 return (1); 1387 1388 m_copydata(m, ETHER_HDR_LEN, LLC_SNAPFRAMELEN, 1389 (caddr_t)&llc); 1390 1391 etype = ntohs(llc.llc_snap.ether_type); 1392 if (llc.llc_dsap == LLC_SNAP_LSAP && 1393 llc.llc_ssap == LLC_SNAP_LSAP && 1394 llc.llc_control == LLC_UI && 1395 llc.llc_snap.org_code[0] == 0 && 1396 llc.llc_snap.org_code[1] == 0 && 1397 llc.llc_snap.org_code[2] == 0 && 1398 (etype == ETHERTYPE_ARP || etype == ETHERTYPE_REVARP || 1399 etype == ETHERTYPE_IP || etype == ETHERTYPE_IPV6)) { 1400 return (0); 1401 } 1402 1403 return (1); 1404 } 1405 1406 #ifdef IPSEC 1407 int 1408 bridge_ipsec(struct bridge_softc *sc, struct ifnet *ifp, 1409 struct ether_header *eh, int hassnap, struct llc *llc, 1410 int dir, int af, int hlen, struct mbuf *m) 1411 { 1412 union sockaddr_union dst; 1413 struct tdb *tdb; 1414 u_int32_t spi; 1415 u_int16_t cpi; 1416 int error, off; 1417 u_int8_t proto = 0; 1418 struct ip *ip; 1419 #ifdef INET6 1420 struct ip6_hdr *ip6; 1421 #endif /* INET6 */ 1422 #if NPF > 0 1423 struct ifnet *encif; 1424 #endif 1425 1426 if (dir == BRIDGE_IN) { 1427 switch (af) { 1428 case AF_INET: 1429 if (m->m_pkthdr.len - hlen < 2 * sizeof(u_int32_t)) 1430 goto skiplookup; 1431 1432 ip = mtod(m, struct ip *); 1433 proto = ip->ip_p; 1434 off = offsetof(struct ip, ip_p); 1435 1436 if (proto != IPPROTO_ESP && proto != IPPROTO_AH && 1437 proto != IPPROTO_IPCOMP) 1438 goto skiplookup; 1439 1440 bzero(&dst, sizeof(union sockaddr_union)); 1441 dst.sa.sa_family = AF_INET; 1442 dst.sin.sin_len = sizeof(struct sockaddr_in); 1443 m_copydata(m, offsetof(struct ip, ip_dst), 1444 sizeof(struct in_addr), 1445 (caddr_t)&dst.sin.sin_addr); 1446 1447 break; 1448 #ifdef INET6 1449 case AF_INET6: 1450 if (m->m_pkthdr.len - hlen < 2 * sizeof(u_int32_t)) 1451 goto skiplookup; 1452 1453 ip6 = mtod(m, struct ip6_hdr *); 1454 1455 /* XXX We should chase down the header chain */ 1456 proto = ip6->ip6_nxt; 1457 off = offsetof(struct ip6_hdr, ip6_nxt); 1458 1459 if (proto != IPPROTO_ESP && proto != IPPROTO_AH && 1460 proto != IPPROTO_IPCOMP) 1461 goto skiplookup; 1462 1463 bzero(&dst, sizeof(union sockaddr_union)); 1464 dst.sa.sa_family = AF_INET6; 1465 dst.sin6.sin6_len = sizeof(struct sockaddr_in6); 1466 m_copydata(m, offsetof(struct ip6_hdr, ip6_nxt), 1467 sizeof(struct in6_addr), 1468 (caddr_t)&dst.sin6.sin6_addr); 1469 1470 break; 1471 #endif /* INET6 */ 1472 default: 1473 return (0); 1474 } 1475 1476 switch (proto) { 1477 case IPPROTO_ESP: 1478 m_copydata(m, hlen, sizeof(u_int32_t), (caddr_t)&spi); 1479 break; 1480 case IPPROTO_AH: 1481 m_copydata(m, hlen + sizeof(u_int32_t), 1482 sizeof(u_int32_t), (caddr_t)&spi); 1483 break; 1484 case IPPROTO_IPCOMP: 1485 m_copydata(m, hlen + sizeof(u_int16_t), 1486 sizeof(u_int16_t), (caddr_t)&cpi); 1487 spi = ntohl(htons(cpi)); 1488 break; 1489 } 1490 1491 NET_ASSERT_LOCKED(); 1492 1493 tdb = gettdb(ifp->if_rdomain, spi, &dst, proto); 1494 if (tdb != NULL && (tdb->tdb_flags & TDBF_INVALID) == 0 && 1495 tdb->tdb_xform != NULL) { 1496 if (tdb->tdb_first_use == 0) { 1497 tdb->tdb_first_use = time_second; 1498 if (tdb->tdb_flags & TDBF_FIRSTUSE) 1499 timeout_add_sec(&tdb->tdb_first_tmo, 1500 tdb->tdb_exp_first_use); 1501 if (tdb->tdb_flags & TDBF_SOFT_FIRSTUSE) 1502 timeout_add_sec(&tdb->tdb_sfirst_tmo, 1503 tdb->tdb_soft_first_use); 1504 } 1505 1506 (*(tdb->tdb_xform->xf_input))(m, tdb, hlen, off); 1507 return (1); 1508 } else { 1509 skiplookup: 1510 /* XXX do an input policy lookup */ 1511 return (0); 1512 } 1513 } else { /* Outgoing from the bridge. */ 1514 tdb = ipsp_spd_lookup(m, af, hlen, &error, 1515 IPSP_DIRECTION_OUT, NULL, NULL, 0); 1516 if (tdb != NULL) { 1517 /* 1518 * We don't need to do loop detection, the 1519 * bridge will do that for us. 1520 */ 1521 #if NPF > 0 1522 if ((encif = enc_getif(tdb->tdb_rdomain, 1523 tdb->tdb_tap)) == NULL || 1524 pf_test(af, dir, encif, &m) != PF_PASS) { 1525 m_freem(m); 1526 return (1); 1527 } 1528 if (m == NULL) 1529 return (1); 1530 else if (af == AF_INET) 1531 in_proto_cksum_out(m, encif); 1532 #ifdef INET6 1533 else if (af == AF_INET6) 1534 in6_proto_cksum_out(m, encif); 1535 #endif /* INET6 */ 1536 #endif /* NPF */ 1537 1538 ip = mtod(m, struct ip *); 1539 if ((af == AF_INET) && 1540 ip_mtudisc && (ip->ip_off & htons(IP_DF)) && 1541 tdb->tdb_mtu && ntohs(ip->ip_len) > tdb->tdb_mtu && 1542 tdb->tdb_mtutimeout > time_second) 1543 bridge_send_icmp_err(sc, ifp, eh, m, 1544 hassnap, llc, tdb->tdb_mtu, 1545 ICMP_UNREACH, ICMP_UNREACH_NEEDFRAG); 1546 else 1547 error = ipsp_process_packet(m, tdb, af, 0); 1548 return (1); 1549 } else 1550 return (0); 1551 } 1552 1553 return (0); 1554 } 1555 #endif /* IPSEC */ 1556 1557 /* 1558 * Filter IP packets by peeking into the ethernet frame. This violates 1559 * the ISO model, but allows us to act as a IP filter at the data link 1560 * layer. As a result, most of this code will look familiar to those 1561 * who've read net/if_ethersubr.c and netinet/ip_input.c 1562 */ 1563 struct mbuf * 1564 bridge_ip(struct bridge_softc *sc, int dir, struct ifnet *ifp, 1565 struct ether_header *eh, struct mbuf *m) 1566 { 1567 struct llc llc; 1568 int hassnap = 0; 1569 struct ip *ip; 1570 int hlen; 1571 u_int16_t etype; 1572 1573 #if NVLAN > 0 1574 if (m->m_flags & M_VLANTAG) 1575 return (m); 1576 #endif 1577 1578 etype = ntohs(eh->ether_type); 1579 1580 if (etype != ETHERTYPE_IP && etype != ETHERTYPE_IPV6) { 1581 if (etype > ETHERMTU || 1582 m->m_pkthdr.len < (LLC_SNAPFRAMELEN + 1583 ETHER_HDR_LEN)) 1584 return (m); 1585 1586 m_copydata(m, ETHER_HDR_LEN, 1587 LLC_SNAPFRAMELEN, (caddr_t)&llc); 1588 1589 if (llc.llc_dsap != LLC_SNAP_LSAP || 1590 llc.llc_ssap != LLC_SNAP_LSAP || 1591 llc.llc_control != LLC_UI || 1592 llc.llc_snap.org_code[0] || 1593 llc.llc_snap.org_code[1] || 1594 llc.llc_snap.org_code[2]) 1595 return (m); 1596 1597 etype = ntohs(llc.llc_snap.ether_type); 1598 if (etype != ETHERTYPE_IP && etype != ETHERTYPE_IPV6) 1599 return (m); 1600 hassnap = 1; 1601 } 1602 1603 m_adj(m, ETHER_HDR_LEN); 1604 if (hassnap) 1605 m_adj(m, LLC_SNAPFRAMELEN); 1606 1607 switch (etype) { 1608 1609 case ETHERTYPE_IP: 1610 if (m->m_pkthdr.len < sizeof(struct ip)) 1611 goto dropit; 1612 1613 /* Copy minimal header, and drop invalids */ 1614 if (m->m_len < sizeof(struct ip) && 1615 (m = m_pullup(m, sizeof(struct ip))) == NULL) { 1616 ipstat_inc(ips_toosmall); 1617 return (NULL); 1618 } 1619 ip = mtod(m, struct ip *); 1620 1621 if (ip->ip_v != IPVERSION) { 1622 ipstat_inc(ips_badvers); 1623 goto dropit; 1624 } 1625 1626 hlen = ip->ip_hl << 2; /* get whole header length */ 1627 if (hlen < sizeof(struct ip)) { 1628 ipstat_inc(ips_badhlen); 1629 goto dropit; 1630 } 1631 1632 if (hlen > m->m_len) { 1633 if ((m = m_pullup(m, hlen)) == NULL) { 1634 ipstat_inc(ips_badhlen); 1635 return (NULL); 1636 } 1637 ip = mtod(m, struct ip *); 1638 } 1639 1640 if ((m->m_pkthdr.csum_flags & M_IPV4_CSUM_IN_OK) == 0) { 1641 if (m->m_pkthdr.csum_flags & M_IPV4_CSUM_IN_BAD) { 1642 ipstat_inc(ips_badsum); 1643 goto dropit; 1644 } 1645 1646 ipstat_inc(ips_inswcsum); 1647 if (in_cksum(m, hlen) != 0) { 1648 ipstat_inc(ips_badsum); 1649 goto dropit; 1650 } 1651 } 1652 1653 if (ntohs(ip->ip_len) < hlen) 1654 goto dropit; 1655 1656 if (m->m_pkthdr.len < ntohs(ip->ip_len)) 1657 goto dropit; 1658 if (m->m_pkthdr.len > ntohs(ip->ip_len)) { 1659 if (m->m_len == m->m_pkthdr.len) { 1660 m->m_len = ntohs(ip->ip_len); 1661 m->m_pkthdr.len = ntohs(ip->ip_len); 1662 } else 1663 m_adj(m, ntohs(ip->ip_len) - m->m_pkthdr.len); 1664 } 1665 1666 #ifdef IPSEC 1667 if ((sc->sc_if.if_flags & IFF_LINK2) == IFF_LINK2 && 1668 bridge_ipsec(sc, ifp, eh, hassnap, &llc, 1669 dir, AF_INET, hlen, m)) 1670 return (NULL); 1671 #endif /* IPSEC */ 1672 #if NPF > 0 1673 /* Finally, we get to filter the packet! */ 1674 if (pf_test(AF_INET, dir, ifp, &m) != PF_PASS) 1675 goto dropit; 1676 if (m == NULL) 1677 goto dropit; 1678 #endif /* NPF > 0 */ 1679 1680 /* Rebuild the IP header */ 1681 if (m->m_len < hlen && ((m = m_pullup(m, hlen)) == NULL)) 1682 return (NULL); 1683 if (m->m_len < sizeof(struct ip)) 1684 goto dropit; 1685 in_proto_cksum_out(m, ifp); 1686 ip = mtod(m, struct ip *); 1687 ip->ip_sum = 0; 1688 if (0 && (ifp->if_capabilities & IFCAP_CSUM_IPv4)) 1689 m->m_pkthdr.csum_flags |= M_IPV4_CSUM_OUT; 1690 else { 1691 ipstat_inc(ips_outswcsum); 1692 ip->ip_sum = in_cksum(m, hlen); 1693 } 1694 1695 break; 1696 1697 #ifdef INET6 1698 case ETHERTYPE_IPV6: { 1699 struct ip6_hdr *ip6; 1700 1701 if (m->m_len < sizeof(struct ip6_hdr)) { 1702 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) 1703 == NULL) { 1704 ip6stat_inc(ip6s_toosmall); 1705 return (NULL); 1706 } 1707 } 1708 1709 ip6 = mtod(m, struct ip6_hdr *); 1710 1711 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { 1712 ip6stat_inc(ip6s_badvers); 1713 goto dropit; 1714 } 1715 1716 #ifdef IPSEC 1717 hlen = sizeof(struct ip6_hdr); 1718 1719 if ((sc->sc_if.if_flags & IFF_LINK2) == IFF_LINK2 && 1720 bridge_ipsec(sc, ifp, eh, hassnap, &llc, 1721 dir, AF_INET6, hlen, m)) 1722 return (NULL); 1723 #endif /* IPSEC */ 1724 1725 #if NPF > 0 1726 if (pf_test(AF_INET6, dir, ifp, &m) != PF_PASS) 1727 goto dropit; 1728 if (m == NULL) 1729 return (NULL); 1730 #endif /* NPF > 0 */ 1731 in6_proto_cksum_out(m, ifp); 1732 1733 break; 1734 } 1735 #endif /* INET6 */ 1736 1737 default: 1738 goto dropit; 1739 break; 1740 } 1741 1742 /* Reattach SNAP header */ 1743 if (hassnap) { 1744 M_PREPEND(m, LLC_SNAPFRAMELEN, M_DONTWAIT); 1745 if (m == NULL) 1746 goto dropit; 1747 bcopy(&llc, mtod(m, caddr_t), LLC_SNAPFRAMELEN); 1748 } 1749 1750 /* Reattach ethernet header */ 1751 M_PREPEND(m, sizeof(*eh), M_DONTWAIT); 1752 if (m == NULL) 1753 goto dropit; 1754 bcopy(eh, mtod(m, caddr_t), sizeof(*eh)); 1755 1756 return (m); 1757 1758 dropit: 1759 m_freem(m); 1760 return (NULL); 1761 } 1762 1763 void 1764 bridge_fragment(struct bridge_softc *sc, struct ifnet *ifp, 1765 struct ether_header *eh, struct mbuf *m) 1766 { 1767 struct llc llc; 1768 struct mbuf *m0; 1769 int error = 0; 1770 int hassnap = 0; 1771 u_int16_t etype; 1772 struct ip *ip; 1773 1774 etype = ntohs(eh->ether_type); 1775 #if NVLAN > 0 1776 if ((m->m_flags & M_VLANTAG) || etype == ETHERTYPE_VLAN || 1777 etype == ETHERTYPE_QINQ) { 1778 int len = m->m_pkthdr.len; 1779 1780 if (m->m_flags & M_VLANTAG) 1781 len += ETHER_VLAN_ENCAP_LEN; 1782 if ((ifp->if_capabilities & IFCAP_VLAN_MTU) && 1783 (len - sizeof(struct ether_vlan_header) <= ifp->if_mtu)) { 1784 bridge_ifenqueue(sc, ifp, m); 1785 return; 1786 } 1787 goto dropit; 1788 } 1789 #endif 1790 if (etype != ETHERTYPE_IP) { 1791 if (etype > ETHERMTU || 1792 m->m_pkthdr.len < (LLC_SNAPFRAMELEN + 1793 ETHER_HDR_LEN)) 1794 goto dropit; 1795 1796 m_copydata(m, ETHER_HDR_LEN, 1797 LLC_SNAPFRAMELEN, (caddr_t)&llc); 1798 1799 if (llc.llc_dsap != LLC_SNAP_LSAP || 1800 llc.llc_ssap != LLC_SNAP_LSAP || 1801 llc.llc_control != LLC_UI || 1802 llc.llc_snap.org_code[0] || 1803 llc.llc_snap.org_code[1] || 1804 llc.llc_snap.org_code[2] || 1805 llc.llc_snap.ether_type != htons(ETHERTYPE_IP)) 1806 goto dropit; 1807 1808 hassnap = 1; 1809 } 1810 1811 m_adj(m, ETHER_HDR_LEN); 1812 if (hassnap) 1813 m_adj(m, LLC_SNAPFRAMELEN); 1814 1815 if (m->m_len < sizeof(struct ip) && 1816 (m = m_pullup(m, sizeof(struct ip))) == NULL) 1817 goto dropit; 1818 ip = mtod(m, struct ip *); 1819 1820 /* Respect IP_DF, return a ICMP_UNREACH_NEEDFRAG. */ 1821 if (ip->ip_off & htons(IP_DF)) { 1822 bridge_send_icmp_err(sc, ifp, eh, m, hassnap, &llc, 1823 ifp->if_mtu, ICMP_UNREACH, ICMP_UNREACH_NEEDFRAG); 1824 return; 1825 } 1826 1827 error = ip_fragment(m, ifp, ifp->if_mtu); 1828 if (error) { 1829 m = NULL; 1830 goto dropit; 1831 } 1832 1833 for (; m; m = m0) { 1834 m0 = m->m_nextpkt; 1835 m->m_nextpkt = NULL; 1836 if (error == 0) { 1837 if (hassnap) { 1838 M_PREPEND(m, LLC_SNAPFRAMELEN, M_DONTWAIT); 1839 if (m == NULL) { 1840 error = ENOBUFS; 1841 continue; 1842 } 1843 bcopy(&llc, mtod(m, caddr_t), 1844 LLC_SNAPFRAMELEN); 1845 } 1846 M_PREPEND(m, sizeof(*eh), M_DONTWAIT); 1847 if (m == NULL) { 1848 error = ENOBUFS; 1849 continue; 1850 } 1851 bcopy(eh, mtod(m, caddr_t), sizeof(*eh)); 1852 error = bridge_ifenqueue(sc, ifp, m); 1853 if (error) { 1854 continue; 1855 } 1856 } else 1857 m_freem(m); 1858 } 1859 1860 if (error == 0) 1861 ipstat_inc(ips_fragmented); 1862 1863 return; 1864 dropit: 1865 m_freem(m); 1866 } 1867 1868 int 1869 bridge_ifenqueue(struct bridge_softc *sc, struct ifnet *ifp, struct mbuf *m) 1870 { 1871 int error, len; 1872 1873 /* Loop prevention. */ 1874 m->m_flags |= M_PROTO1; 1875 1876 len = m->m_pkthdr.len; 1877 1878 error = if_enqueue(ifp, m); 1879 if (error) { 1880 sc->sc_if.if_oerrors++; 1881 return (error); 1882 } 1883 1884 sc->sc_if.if_opackets++; 1885 sc->sc_if.if_obytes += len; 1886 1887 return (0); 1888 } 1889 1890 void 1891 bridge_ifinput(struct ifnet *ifp, struct mbuf *m) 1892 { 1893 struct mbuf_list ml = MBUF_LIST_INITIALIZER(); 1894 1895 m->m_flags |= M_PROTO1; 1896 1897 ml_enqueue(&ml, m); 1898 if_input(ifp, &ml); 1899 } 1900 1901 void 1902 bridge_send_icmp_err(struct bridge_softc *sc, struct ifnet *ifp, 1903 struct ether_header *eh, struct mbuf *n, int hassnap, struct llc *llc, 1904 int mtu, int type, int code) 1905 { 1906 struct ip *ip; 1907 struct icmp *icp; 1908 struct in_addr t; 1909 struct mbuf *m, *n2; 1910 int hlen; 1911 u_int8_t ether_tmp[ETHER_ADDR_LEN]; 1912 1913 n2 = m_copym(n, 0, M_COPYALL, M_DONTWAIT); 1914 if (!n2) { 1915 m_freem(n); 1916 return; 1917 } 1918 m = icmp_do_error(n, type, code, 0, mtu); 1919 if (m == NULL) { 1920 m_freem(n2); 1921 return; 1922 } 1923 1924 n = n2; 1925 1926 ip = mtod(m, struct ip *); 1927 hlen = ip->ip_hl << 2; 1928 t = ip->ip_dst; 1929 ip->ip_dst = ip->ip_src; 1930 ip->ip_src = t; 1931 1932 m->m_data += hlen; 1933 m->m_len -= hlen; 1934 icp = mtod(m, struct icmp *); 1935 icp->icmp_cksum = 0; 1936 icp->icmp_cksum = in_cksum(m, ntohs(ip->ip_len) - hlen); 1937 m->m_data -= hlen; 1938 m->m_len += hlen; 1939 1940 ip->ip_v = IPVERSION; 1941 ip->ip_off &= htons(IP_DF); 1942 ip->ip_id = htons(ip_randomid()); 1943 ip->ip_ttl = MAXTTL; 1944 ip->ip_sum = 0; 1945 ip->ip_sum = in_cksum(m, hlen); 1946 1947 /* Swap ethernet addresses */ 1948 bcopy(&eh->ether_dhost, ðer_tmp, sizeof(ether_tmp)); 1949 bcopy(&eh->ether_shost, &eh->ether_dhost, sizeof(ether_tmp)); 1950 bcopy(ðer_tmp, &eh->ether_shost, sizeof(ether_tmp)); 1951 1952 /* Reattach SNAP header */ 1953 if (hassnap) { 1954 M_PREPEND(m, LLC_SNAPFRAMELEN, M_DONTWAIT); 1955 if (m == NULL) 1956 goto dropit; 1957 bcopy(llc, mtod(m, caddr_t), LLC_SNAPFRAMELEN); 1958 } 1959 1960 /* Reattach ethernet header */ 1961 M_PREPEND(m, sizeof(*eh), M_DONTWAIT); 1962 if (m == NULL) 1963 goto dropit; 1964 bcopy(eh, mtod(m, caddr_t), sizeof(*eh)); 1965 1966 bridge_output(ifp, m, NULL, NULL); 1967 m_freem(n); 1968 return; 1969 1970 dropit: 1971 m_freem(n); 1972 } 1973 1974 struct bridge_tunneltag * 1975 bridge_tunnel(struct mbuf *m) 1976 { 1977 struct m_tag *mtag; 1978 1979 if ((mtag = m_tag_find(m, PACKET_TAG_TUNNEL, NULL)) == NULL) 1980 return (NULL); 1981 1982 return ((struct bridge_tunneltag *)(mtag + 1)); 1983 } 1984 1985 struct bridge_tunneltag * 1986 bridge_tunneltag(struct mbuf *m) 1987 { 1988 struct m_tag *mtag; 1989 1990 if ((mtag = m_tag_find(m, PACKET_TAG_TUNNEL, NULL)) == NULL) { 1991 mtag = m_tag_get(PACKET_TAG_TUNNEL, 1992 sizeof(struct bridge_tunneltag), M_NOWAIT); 1993 if (mtag == NULL) 1994 return (NULL); 1995 bzero(mtag + 1, sizeof(struct bridge_tunneltag)); 1996 m_tag_prepend(m, mtag); 1997 } 1998 1999 return ((struct bridge_tunneltag *)(mtag + 1)); 2000 } 2001 2002 void 2003 bridge_tunneluntag(struct mbuf *m) 2004 { 2005 struct m_tag *mtag; 2006 if ((mtag = m_tag_find(m, PACKET_TAG_TUNNEL, NULL)) != NULL) 2007 m_tag_delete(m, mtag); 2008 } 2009 2010 void 2011 bridge_copyaddr(struct sockaddr *src, struct sockaddr *dst) 2012 { 2013 if (src != NULL && src->sa_family != AF_UNSPEC) 2014 memcpy(dst, src, src->sa_len); 2015 else { 2016 dst->sa_family = AF_UNSPEC; 2017 dst->sa_len = 0; 2018 } 2019 } 2020 2021 void 2022 bridge_copytag(struct bridge_tunneltag *src, struct bridge_tunneltag *dst) 2023 { 2024 if (src == NULL) { 2025 memset(dst, 0, sizeof(*dst)); 2026 } else { 2027 bridge_copyaddr(&src->brtag_peer.sa, &dst->brtag_peer.sa); 2028 bridge_copyaddr(&src->brtag_local.sa, &dst->brtag_local.sa); 2029 dst->brtag_id = src->brtag_id; 2030 } 2031 } 2032